Deprecated functions in OSX

[secworks]

Aloha!

I tried to build and run keychaindump on OSX 10.8.1 with updated tools. The program builds and works fine. But during compilation I get warnings regarding the DES-functions used in OpenSSL:

eychaindump.c: In function ‘decrypt_3des’: keychaindump.c:209: warning: ‘DES_set_key’ is deprecated (declared at /usr/include/openssl/des.h:225) keychaindump.c:210: warning: ‘DES_set_key’ is deprecated (declared at /usr/include/openssl/des.h:225) keychaindump.c:211: warning: ‘DES_set_key’ is deprecated (declared at /usr/include/openssl/des.h:225) keychaindump.c:214: warning: ‘DES_ede3_cbc_encrypt’ is deprecated (declared at /usr/include/openssl/des.h:181)

Googling provides an easy 'fix', which is to add -Wno-deprecated-declarations This only hides the warnings (naturally).

The question is what to replace those OpenSSL calls with? One suggestion seems to be to replace with Apple CommonCrypto API calls. But why not use OpenSSL?

[juuso]

The same warnings appear on any recent version of OS X. I simply didn't care about them, as this was merely a quick example tool. For now, it's probably enough that the build actually works.

If the warnings worry you, there are plenty of other ways you can implement DES. This was just the quickest and easiest, in my opinion. If you end up fixing the warnings with a more robust solution, I'd be very happy to get a pull request!

[x43x61x69]

Those warnings were due to 10.8 SDK, Apple will use CommonCrypto instead of OpenSSL.

But so far all version of OS X still have OpenSSL built in, so I don't think it's really an "issue" here. (for a PoC)

You can build your own .a files with the code to shut the warnings.

[Alla87]

Hi,

I am also having trouble running the keychaindump script during compiling with xcode 4. I am getting following warning and error messages asking me:-

DES_set_key is deprecated.

Has anyone managed to compile it, as i need access to this code. I would be grateful if someone can send me an amended script.

Thankyou

[juuso]

As a quick fix, could you simply compile it with gcc instead of Xcode?

[Alla87]

Thanks for your reply Jusso. I can try, would GCC do exactly the same as Xcode?

Pardon my ignorance as coding in C isn't a strong point, would compiling the script in GCC rid the warnings and errors that xcode shows when building the script?

[juuso]

Gcc will show you some warnings, but there should be no errors. Of course, you would have known that if you tried :). The build instructions are right there in the .c file.

[Alla87]

Thanks, how can i download GCC on a Mac? Do i install it the same as Xcode?

After building the keychaindump.c file using GCC,

Do you run the following commands in the Mac terminal?

$ gcc keychaindump.c -o keychaindump -lcrypto

[juuso]

I don't want to be rude, but I highly suggest you google these things. Otherwise, you'll be here all day/night, asking about the next step.

[secworks]

I assume this isn't really relevant anymore.